azmeuk

Reputation: 4506

UnsupportedAlgorithmError when parsing an id_token with python authlib

I have an OAuth/OIDC server and a client, both using authlib 0.14.3 and the Flask integration. The server uses HS256 to sign the id_token. The client has these endpoints:

from flask import redirect, url_for
from authlib.integrations.flask_client import OAuth

oauth = OAuth()
oauth.init_app(app)
# Client-side registration of the OIDC provider; no jwks / signing-alg
# metadata is given here, so authlib falls back to its defaults.
oauth.register(
    name='mydomain',
    client_id=OAUTH_CLIENT_ID,
    client_secret=OAUTH_CLIENT_SECRET,
    access_token_url="http://localhost:5000/oauth/token",
    authorize_url="http://localhost:5000/oauth/authorize",
    client_kwargs={
        'scope': 'openid profile'
    }
)

@app.route("/login", methods=["GET", "POST"])
@sheraf.connection()
def login():
    # Start the authorization code flow; the provider redirects back to /authorize.
    redirect_uri = url_for('users.account.authorize', _external=True)
    return oauth.mydomain.authorize_redirect(redirect_uri)


@app.route('/authorize')
def authorize():
    # Exchange the code for tokens, then validate and decode the id_token.
    token = oauth.mydomain.authorize_access_token()
    userinfo = oauth.mydomain.parse_id_token(token)
    ...
    return redirect('/')

parse_id_token raises an UnsupportedAlgorithmError. Playing with a debugger, I found that authlib/jose/rfc7515/jws.py:JsonWebSignature._algorithms only has RS256 available.

Am I missing something?

Upvotes: 0

Views: 418

Answers (1)

azmeuk

Reputation: 4506

I was missing mandatory parameters in the OIDC server registration:

from base64 import urlsafe_b64encode

oauth.register(
    name='mydomain',
    client_id=OAUTH_CLIENT_ID,
    client_secret=OAUTH_CLIENT_SECRET,
    access_token_url="http://localhost:5000/oauth/token",
    authorize_url="http://localhost:5000/oauth/authorize",
    # Algorithms parse_id_token will accept; without this, authlib only allows RS256.
    id_token_signing_alg_values_supported=["HS256", "RS256"],
    # Symmetric JWK used to verify HS256 id_tokens; "k" is the secret in
    # base64url without padding, and must be the secret the server signs with.
    jwks={
        "keys": [{
            "kid": "my-key-id",
            "kty": "oct",
            "alg": "HS256",
            "k": urlsafe_b64encode(b"secret-key").rstrip(b"=").decode("ascii"),
        }]
    },
    client_kwargs={
        'scope': 'openid profile'
    }
)

Upvotes: 1
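The behaviour behind the question and the answer, as an added stand-alone example that is not code from the original post or from authlib: a minimal HS256 id_token verifier with an allow list of signing algorithms and a JWKS holding one symmetric ("oct") key. With the allow list left at the RS256 default the HS256 token is rejected with an UnsupportedAlgorithmError, exactly the failure the question describes; with HS256 allowed and a JWK whose "k" is the same secret the server signs with, it verifies. The helper names (`oct_jwk_from_secret`, `sign_hs256`, `verify_id_token`, `demo`), the claims and the secret are assumptions for illustration, using only the standard library. One caveat a practitioner would apply to the answer's configuration: keep the allowed algorithm list to what the server actually uses, and never mix an asymmetric public key and a symmetric algorithm in the same verifier, which is the classic JWT key-confusion setup.

```python
import base64
import hashlib
import hmac
import json


class UnsupportedAlgorithmError(Exception):
    """Header 'alg' is not in the verifier's allow list."""


class BadSignatureError(Exception):
    """HMAC over header.payload does not match the token's signature."""


def b64url_encode(data: bytes) -> str:
    # JWS/JWK use base64url without '=' padding (RFC 7515 section 2).
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def oct_jwk_from_secret(secret: str, kid: str) -> dict:
    # Hypothetical helper: the symmetric JWK the client registers as `jwks`.
    return {"kid": kid, "kty": "oct", "alg": "HS256",
            "k": b64url_encode(secret.encode())}


def sign_hs256(claims: dict, jwk: dict) -> str:
    # Server side: produce a compact JWS the way an HS256-signing provider does.
    header = {"alg": "HS256", "typ": "JWT", "kid": jwk["kid"]}
    compact = json.dumps(header, separators=(",", ":")).encode()
    signing_input = (b64url_encode(compact) + "." +
                     b64url_encode(json.dumps(claims, separators=(",", ":")).encode()))
    mac = hmac.new(b64url_decode(jwk["k"]), signing_input.encode(),
                   hashlib.sha256).digest()
    return signing_input + "." + b64url_encode(mac)


def verify_id_token(token: str, jwks: dict, allowed_algs: list) -> dict:
    # Client side: the 'alg' allow list plays the role of
    # id_token_signing_alg_values_supported; the JWKS is looked up by kid.
    header_b64, payload_b64, sig_b64 = token.split(".")
    header = json.loads(b64url_decode(header_b64))
    alg = header.get("alg")
    if alg not in allowed_algs or alg != "HS256":  # only HS256 implemented here
        raise UnsupportedAlgorithmError(alg)
    key = next((k for k in jwks["keys"] if k.get("kid") == header.get("kid")), None)
    if key is None or key.get("kty") != "oct":
        raise BadSignatureError("no symmetric key matching kid")
    expected = hmac.new(b64url_decode(key["k"]),
                        f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64url_decode(sig_b64)):
        raise BadSignatureError("signature mismatch")
    return json.loads(b64url_decode(payload_b64))


def demo() -> dict:
    # Constructed sample: an HS256 id_token from a provider using "secret-key".
    jwk = oct_jwk_from_secret("secret-key", "my-key-id")
    token = sign_hs256({"iss": "http://localhost:5000", "sub": "alice",
                        "aud": "client-id"}, jwk)
    results = {}
    try:  # the question's situation: only RS256 allowed by default
        verify_id_token(token, {"keys": [jwk]}, ["RS256"])
        results["rs256_only"] = "accepted"
    except UnsupportedAlgorithmError:
        results["rs256_only"] = "UnsupportedAlgorithmError"
    # the answer's fix: HS256 allowed, matching oct key registered
    results["hs256_allowed"] = verify_id_token(token, {"keys": [jwk]}, ["HS256"])["sub"]
    # a JWK built from the wrong secret must still be rejected
    wrong = {"keys": [oct_jwk_from_secret("other-secret", "my-key-id")]}
    try:
        verify_id_token(token, wrong, ["HS256"])
        results["wrong_key"] = "accepted"
    except BadSignatureError:
        results["wrong_key"] = "BadSignatureError"
    return results


if __name__ == "__main__":
    print(demo())
```

The "k" value is the raw secret, base64url-encoded with the padding stripped; passing the Python str to base64 or keeping the "=" padding is the easiest way to register a key that does not match what the server signs with, which shows up as a signature failure rather than an algorithm error.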
